AIUTO!!!devo avere un megavirus...o cmq un bel problema!

[zzhingara]

il mio pc va malissimo
non regge la connessione a msn
non regge la connessione a internet
ogni 2x3 mi si impallano i programmi e devo riavviare...col tasto di accensione...
errori unknow mi chiudono le applicazioni...
ho fatto un hijackthis e questo è il risultato....suggerimenti???


Logfile of HijackThis v1.99.1
Scan saved at 15.11.40, on 03/11/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5450.0004)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\jfdg5msqlc.exe
C:\Program Files\Delux\PS2 Keyboard English Edition 2.0\kb_2k.exe
C:\Programmi\Ipsoware\cogeNET\coge20.exe
C:\WINDOWS\system32\dwwin.exe
C:\WINDOWS\system32\dwwin.exe
C:\WINDOWS\system32\taskmgr.exe
C:\PROGRA~1\WINZIP\winzip32.exe
C:\Documents and Settings\Davie\Local Settings\Temp\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=54729
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=55245&clcid={SUB_CLCID}
R3 - Default URLSearchHook is missing
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Web assistant - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Web assistant - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [microsoft] C:\WINDOWS\system32\kerbero.exe
O4 - HKLM\..\Run: [fix] C:\WINDOWS\system32\regfishdettaglio.exe
O4 - HKLM\..\Run: [StopPhish] C:\WINDOWS\system32\PhishingFix.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [URLLSTCK.exe] C:\Program Files\Norton Internet Security\UrlLstCk.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [lateshow.exe] C:\WINDOWS\system32\lateshow.exe
O4 - HKCU\..\Run: [wke.exe] C:\WINDOWS\system32\wke.exe
O4 - HKCU\..\Run: [Microsoft Security] C:\WINDOWS\system32\msbase.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Avvio veloce di Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: PS2 Keyboard English Edition 2.0.lnk = ?
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O15 - Trusted Zone: www.ciritorno.biz
O15 - Trusted Zone: www.coppiastrana.biz
O15 - Trusted Zone: www.dettaglio.biz
O15 - Trusted Zone: content.licenseacquisition.org
O15 - Trusted Zone: www.melagodo.biz
O15 - Trusted Zone: www.nanobyte.biz
O15 - Trusted Zone: www.pergentina.biz
O15 - Trusted Zone: www.phishingfix.biz
O15 - Trusted Zone: www.playmore.biz
O15 - Trusted Zone: www.preferiti-windows.com
O15 - Trusted Zone: www.ricercadoppia.com
O15 - Trusted Zone: www.scalalap.com
O15 - Trusted Zone: www.super-videochat-community.biz
O15 - Trusted Zone: www.umts-gprs-mondo-telefonino-cellulare.biz
O15 - Trusted Zone: www.vispateresa.biz
O16 - DPF: {01E69986-A054-4C52-ABE8-EF63DF1C5211} - http://www.phishingfix.biz/CheckedUrlList/Ricercadoppia_webinstall/Ricercadoppia.cab
O16 - DPF: {16E166F9-35E8-4CA5-B50D-5CEFABF45B09} - http://www.ricercadoppia.com/banner/AnnaNuda.exe
O16 - DPF: {2F6C63DF-48AD-44C3-A761-7FB53ECF064A} - http://www.ricercadoppia.com/tangary.exe
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1149257676196
O16 - DPF: {8431328A-1050-42A8-A615-809F40D3037D} - http://www.preferiti-windows.com/engine/FotoPorno.exe
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.5.0) - http://javadl-esd.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
O16 - DPF: {9F54BF10-C88E-43FD-AA9E-16BF45747C72} - http://www.phishingfix.biz/CheckedUrlList/Foto.exe
O16 - DPF: {BC4268D7-E1C7-47A9-9F84-6BBEE45E6EB4} - http://www.dettaglio.biz/premio/nokia.exe
O16 - DPF: {FDD394B8-F6A0-4307-95F2-EF3ED18874FB} - http://www.phishingfix.biz/CheckedUrlList/tialla.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{6704E735-4D4F-4171-BEE3-20DEC67ECF8C}: NameServer = 213.140.2.21,213.140.2.12
O17 - HKLM\System\CS1\Services\Tcpip\..\{6704E735-4D4F-4171-BEE3-20DEC67ECF8C}: NameServer = 213.140.2.21,213.140.2.12
O17 - HKLM\System\CS2\Services\Tcpip\..\{6704E735-4D4F-4171-BEE3-20DEC67ECF8C}: NameServer = 213.140.2.21,213.140.2.12
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe

[qwer1981]

Analizza il tuo log qui: http://www.hijackthis.de/

penso che tu debba fixare piu di qualcosa...

[zzhingara]

Quote:

Originariamente inviato da qwer1981

Analizza il tuo log qui: http://www.hijackthis.de/

penso che tu debba fixare piu di qualcosa...

l'ho provato una volta...ma mi ha fatto fixare delle cose e poi nn mi andava piu internet...e ho dovuto fare un ripristino...non è che mi fidi molto!!!

[FOXYLADY]

Hai un bel pò di schifezze, leggi attentamente questo post
http://www.hwupgrade.it/forum/showthread.php?t=1142673
e segui tutte le indicazioni li riportate

Poi riposta un log di hijackthis in questo thread
http://www.hwupgrade.it/forum/showthread.php?t=1142673

[hargon]

Quote:

Originariamente inviato da zzhingara

l'ho provato una volta...ma mi ha fatto fixare delle cose e poi nn mi andava piu internet...e ho dovuto fare un ripristino...non è che mi fidi molto!!!

probabilmente hai cancellato i dns della tua configurazione.

Se leggi l'analisi con attenzione dovresti cmq riuscire nell'intento di trovare
il o gli intrusi,
occhio cmq ad eventuali rootkit.

[stesio54]

Quote:

Originariamente inviato da FOXYLADY

Hai un bel pò di schifezze, leggi attentamente questo post
http://www.hwupgrade.it/forum/showthread.php?t=1142673
e segui tutte le indicazioni li riportate

Poi riposta un log di hijackthis in questo thread
http://www.hwupgrade.it/forum/showthread.php?t=1142673